Bug 1432966 introduced the unsafeSetInnerHTML function to avoid dealing with all the cases where our sanitizer would have broken innerHTML functionality.
We should track removing all those calls so that we can unship that function again and make it impossible to bypass the sanitizer.